
Hello Reader. Tonight we extended our search to see if the Syscache hive came back to life by looking into Windows Server 2019. Here is what we learned:

No Syscache hive by default in Server 2019

There is a SRUM database by default in Server 2019

There is an Amcache hive by default in Server 2019

There is still no Prefetch in Server 2019

Shimcache showed an interesting behavior that we need to regression test against earlier versions of Windows: executables viewed in the Explorer GUI were only entered into the Shimcache hive when they were viewable and/or highlighted in the GUI window.

Executables that had not yet been scrolled into view in the GUI window were not present in the Shimcache.
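
To regression test the Shimcache behavior described above, this added example (not code from the original post) parses an exported AppCompatCache value and reports which expected executables are present and which are missing. It assumes the publicly documented Windows 10 family entry layout (`10ts` signature after a 0x30 or 0x34 byte header) applies to Server 2019; the function names, sample blob and paths are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

MAGIC = b"10ts"  # entry signature in the assumed Windows 10 family layout

def filetime_to_dt(ft):
    """Convert a FILETIME (100 ns ticks since 1601-01-01) to UTC; 0 -> None."""
    if ft == 0:
        return None
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)

def parse_shimcache(blob):
    """Return [(path, last_modified)] in stored order from an AppCompatCache value."""
    # The header is 0x30 bytes on early Windows 10 builds and 0x34 on later ones,
    # so find the first entry by its signature rather than trusting one constant.
    offset = next((o for o in (0x30, 0x34) if blob[o:o + 4] == MAGIC), None)
    if offset is None:
        raise ValueError("no 10ts entry at a known header offset")
    entries = []
    while offset + 12 <= len(blob) and blob[offset:offset + 4] == MAGIC:
        _sig, _unknown, entry_len = struct.unpack_from("<4sII", blob, offset)
        body = blob[offset + 12:offset + 12 + entry_len]
        if entry_len < 10 or len(body) < entry_len:
            break  # truncated or malformed entry: stop instead of guessing
        (path_len,) = struct.unpack_from("<H", body, 0)
        if 2 + path_len + 8 > entry_len:
            break
        path = body[2:2 + path_len].decode("utf-16-le", errors="replace")
        (ft,) = struct.unpack_from("<Q", body, 2 + path_len)
        entries.append((path, filetime_to_dt(ft)))
        offset += 12 + entry_len
    return entries

def coverage(blob, expected_paths):
    """Split expected executables into (cached, missing), case-insensitively."""
    cached = {p.lower() for p, _ in parse_shimcache(blob)}
    hit = [p for p in expected_paths if p.lower() in cached]
    miss = [p for p in expected_paths if p.lower() not in cached]
    return hit, miss

def build_entry(path, ft):  # builds constructed sample data, not real output
    p = path.encode("utf-16-le")
    body = struct.pack("<H", len(p)) + p + struct.pack("<QI", ft, 0)
    return MAGIC + struct.pack("<II", 0, len(body)) + body

SAMPLE = (struct.pack("<I", 0x34) + bytes(0x30)  # constructed 0x34-byte header
          + build_entry(r"C:\Tools\a.exe", 132000000000000000)
          + build_entry(r"C:\Tools\b.exe", 0))
```

Feed `coverage` the raw bytes of the `AppCompatCache` value under `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCompatCache` together with the full list of executables in the test folder. The in-memory cache is written to the registry at shutdown, so export the value after a reboot when comparing scrolled and unscrolled items.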